
Application Delivery for the Extended Enterprise

Application Velocity System

Cisco Application Networking
October 2005

Session Number
Presentation_ID © 2005 Cisco Systems, Inc. All rights reserved. Cisco Confidential 1
IT Faces Dual Pressures in the Global Enterprise

• Increasing User Functionality and Distribution
• Increasing IT Consolidation and Compliance

Today’s Apparent IT Choices

• Emphasize Service at the Expense of Cost
• Emphasize Cost and Compliance Over Service
A New Perspective for IT

Network
• More bandwidth
• Lots of point products
• Replicate data centers

Operations
• More servers
• More management tools
• Re-architect infrastructure

Applications
• More testing
• Rewrite applications
• Security patching

Cisco Application Delivery Solutions

[Diagram labels: Network, Operations, Applications; CSS/CSM, WAN, Cat 6K, WAE, WAE, AVS]

Cisco Application Delivery Solutions

• Cisco Application Delivery Solutions cooperate to deliver service across the extended enterprise, allowing users to interact as though they were local
• The Solutions
Are network-based devices
At different points in the network
That offload functions from servers
And process applications in real-time
• Allow IT to meet business requirements (service, flexibility) plus the IT mandate for lower costs and better compliance

Like a reliable messenger, Cisco Helps IT Extend its Reach to Support all Users and Applications Across the Enterprise

Performance Impedes Web-based Business

Applications Increasingly Represent the Business
• Web promoted process automation across the Extended Enterprise
• Pressure to move from staff to software drives productivity

Solutions Should Serve All Users, Everywhere
• Consolidation encouraging one-to-all application support for all
• Fewer and fewer managed endpoints
• Security adds necessary overhead

Chokepoint Evolves From Bandwidth to Latency
• Developers write for functionality
• Bandwidth issues are more limited
• Individual web page rendering can take 150 network calls
New Solution for the Data Center

• Accelerate and optimize all web-based applications across the extended enterprise
• Data center-only deployment
No client-side deployment
• Only data center appliance to control and optimize at Layer-7
2X response time improvements
80% decrease in bandwidth requirements
80% fewer server cycles
• Deliver, monitor, and secure application service to all users

[Image: Application Velocity System (AVS), Cisco AVS 3120]

Application Delivery in the Data Center

Application Velocity System: Breakthrough impact on user response times
Features
• Full reverse application proxy
• Powerful unique optimizations
• Integrated security/monitoring
Benefits
• Dramatic response time improvements
• No changes to infrastructure or apps

CSS/CSM Content Switch: The market-leading L4-7 switching platform
Features
• Load balancing
• SSL encryption/decryption
• Session redundancy
Benefits
• Application availability
• Server offload
• Network integrated

Catalyst Switch: The World’s leading LAN switching platform
Features
• Highest industry performance
• Modular architecture
• Multi-service ready
Benefits
• Scalable, robust, and future-proof
• Multi-service integration
• World-class support

AVS Does Real-time Application Processing

• Real-time application processing, control, and optimization
• Any HTML or XML-based application
• Transparent session optimization and client management
• Comprehensive policy and rules-based operation
• Pre-built templates for applications and content
• Interoperability with other Cisco solutions

[Diagram: Application Delivery Engine, surrounded by Network Latency Control, Bandwidth Reduction Functions, Server Offload Functions, End-to-End Monitoring, and Application Firewall]

AVS Delivers Real-World Value

Application | Software | AVS Improvement | Cost of Likely Alternative | Business Impact
Call Center (High tech) | PeopleSoft | 270% | $4MM (2 New Overseas Data Centers) | Meet support goals with no additional staffing or costs
Purchasing (Manufacturing) | SAP | 350% | $5MM (Multiple Overseas Data Centers) | Increase procurement automation
Mortgage Origination (Financial) | Custom J2EE: WebSphere | 300% | $2MM (Reengineer Apps and Infrastructure) | 30% more transactions across same infrastructure
Claims Management (Insurance) | Custom J2EE: WebSphere | 220% | $3MM (No Reengineering) | Support “zero-footprint” branch
B2B Operations (Retail) | Plumtree | 350% | $500K annually (Upgrade 650 Sites) | Move all costly paper-based processes online
CRM (Financial) | Siebel | 290% | $2.4MM annually (Upgrade 200 U.S. Locations) | Immediate jump in CRM usage with Improved account retention

Technology Advantage

Functional areas, with Basic Capabilities and AVS Capabilities (* = Patented)

Accelerate: Network Latency Management
AVS Capabilities
• Request aggregation / browser cache management*
• Browser TCP multiplexing*
• PDF download optimization
• Response redirection control*

Optimize: Bandwidth Reduction
Basic Capabilities
• Gzip/DEFLATE compression
AVS Capabilities
• Delta encoding*
• Dynamic browser caching*
• Dynamic image optimization (JPG, GIF, PNG)
• Flexible processing rules

Offload: Server Efficiency
Basic Capabilities
• TCP connection multiplexing
• SSL offload and acceleration
• Static caching
AVS Capabilities
• Configurable dynamic caching*
• Load-based caching*
• Lazy request evaluation*
• Single sign-on optimizations
• XML merging/transformation

Monitor: Application QoS
Basic Capabilities
• Logging
AVS Capabilities
• End-to-end response time monitoring
• Business transactions capability
• First-line service triage
• System health checking

Secure: Protect Applications and Infrastructure
Basic Capabilities
• Rules-based protection
AVS Capabilities
• Out-of-the-box Layer-7 protections
• Stateful Content inspection policies
• Comprehensive exception handling and monitoring

Management/
Basic Capabilities
• SNMP access and control
AVS Capabilities
• Application delivery dashboard
• Service-level integration with BMC, HP, etc.
Application Acceleration Examples
FlashForward
• Embedded objects referenced in HTML container pages are served with an Expires: header that sets their expiry in the future.
• On the second visit, the browser will not send a GET for objects in its cache if the current date and time is not later than the object expiry date.
• This reduces the total number of HTTP requests for subsequent visits to the same page.
• Benefits:
Decreased page download time
Decreased network congestion
Decreased number of requests to origin server
Application Acceleration Examples
Delta Encoding

• HTML pages today are largely dynamically generated, which makes them not cacheable
• The browser must download the entire page on each visit.
• Delta works by calculating and sending only the difference between two visits to a dynamic HTML page
• Benefits:
Reduced bandwidth usage
Reduced page download times
Works in combination with other optimizations

WAE and AVS Cooperate in the Branch

• End-user pull
AVS makes dynamic content fully cacheable
WAE serves locally in the branch
• IT or Line of Business push
Content pre-positioned in the branch
AVS ensures freshness
• Solutions cooperate to optimize SSL sessions

[Chart: Response Time for Cisco.com, Cisco.com + AVS, and AVS+WAE. AVS cuts response time by 53%; WAE cuts response time an additional 90%]

Application Monitoring
• End-user response time monitoring
Actual users and transactions
Business- and process-level aggregation
Full drill-down to page and location
• “Drop-in” deployment
No changes to application or desktop
Data center installation
• Delivery Dashboard and flexible reporting
Wizard-based transaction builder
Support for Enterprise Consoles (BMC, Tivoli, OpenView…)
• Benefits
End-user visibility
First-line problem triage
Reduce mean-time-to-repair

[Diagram: Application Delivery Engine, End-to-End Monitoring]
Cisco Is Committed to Application Networking

[Diagram: Network Intelligence increasing over Time, in three phases]
PHASE 1, INTEGRATED TRANSPORT: The Intelligent Movement of Data/Voice/Video Across a System of Networks. Get More Access to Your People and Resources
PHASE 2, INTEGRATED SERVICES: Virtualized Networking Resources. Get More Value From Infrastructure and Resources
PHASE 3, INTEGRATED APPLICATIONS: Application Networking. Get More Value From Applications and Services

Cisco’s Technology Vision: The Intelligent Information Network
Global and Diverse Customer Base

[Customer matrix. Columns: Manufacturing & High Tech, Financial Services, Retail, Government, Other Industries. Rows: Portals and Collaboration; Back-Office Enterprise Applications; Customer Care and CRM; Custom J2EE & .NET application]

Note: Not all customers are externally reference-able
SGS

Profile
2.5B CHF global leader in compliance
services. HQ: Geneva, Switz.

Challenge
Could not measure or meet service levels on key
applications to 36,000 employees in 120
countries.

Results
Measure and Meet global service levels without
data-center replication.

Customer Profile: BMW UK

Profile
Global automaker known for performance

Challenge
Improve performance of used car application for
consumers and retail dealers.

Results
Double performance without rewriting
application.

Deployment:
Custom Vignette application, Cisco AVS 3110
Appliance

TJX Companies

Profile
$14B apparel retailer; 105,000 employees US,
UK, Ireland. HQ: Framingham, MA.

Challenge
Could not meet service levels for data-center
consolidation of store management applications.

Results
Meet service levels on VSAT WAN without
application rewrites.

Deployment
WebSphere & Lotus, Cisco AVS 3110 S/W on
IBM Linux

American Airlines

Profile
$18B airline
100,000 employees, 150 destinations.

Challenge
Difficulty measuring/meeting service levels at
global user base for enterprise applications

Results
Measure and Meet service levels without
additional data centers in Europe and Latin
America.

Deployment
Various applications, Cisco AVS 3110 Appliance

Quantum

Profile
Leading disk-drives manufacturer

Challenge
Difficulty measuring and meeting service levels
for employee portal & ERP worldwide.

Results
Measure service levels at end-user, meet service
levels without additional data centers.

Deployment
Plumtree & PeopleSoft, Cisco AVS 3110
Appliance

Customer Profile: AXA Financial

Profile
$96B commercial and personal insurer; 80,000
employees worldwide. HQ: Paris, France.

Challenge
Poor application service levels of Siebel and
claims adjustment applications hindered business
automation

Results
Meet service levels at branch offices without
infrastructure upgrades or performance
engineering.

Deployment:
Custom WebSphere, Siebel, Cisco AVS 3110
Appliance, Cisco Edge Cache

Q and A

Like a reliable messenger, Cisco Helps IT Extend its Reach to Support all Users and Applications Across the Enterprise

Roadmap: Next Version of AVS

• Supports AVS 3110 and 3120
• Supports All FineGround AppScreen Features
• Improve inbound attack feature sets
Quantity of attack rules
Ease of configuration
Customization attack rules
Match criteria, disposition and actions are expanded
Policy and Precedent – Cisco C3PL-like Security Model
• Application Cloaking
• Customizable Error Return Codes
• Encrypted & Tamperproof Cookies
• Learning Mode –
• Click_To_Rule Recommendation Wizard
• Granular URL Request and Header Limits
• Data Theft Prevention
• Add Transparent Inline & Out of Band Monitoring
• Increased performance

Attacks Blocked
SQL Injection
Cross-Site Scripting
Command Injection
Cookie/Session Poisoning
Application Reconnaissance
Parameter Tampering
LDAP Injection
Buffer Overflows
Directory Traversals
Attack Obfuscation
Application Platform Exploits
Zero Day Attacks
Cookie Poisoning
Parameter Tampering
Focus of Attacks Moves to the Application Layer

[Diagram: layered stack]
75% of Attacks Focused Here (No Signatures or Patches):
Custom Web Applications
Customized Packaged Apps
Internal and 3rd Party Code
Business Logic & Code

Web Servers, Application Servers, Database Servers
Operating Systems (under each server tier)
Network: Firewall, IDS, IPS

Comprehensive Application Security is the Answer!


Bi-Directional Deep Inspection Enables Application Inspection and Control

INSPECTS FOR:
User Access and Feature usage
Malicious Software
Illegal URLs & Key Words
Malevolent XML & Web Services
Parameter Tampering
Application Abuse
Instant Messenger
Spyware

[Diagram: protocols inspected over IP TCP and IP UDP: HTTP, FTP, H.323, SIP, SCCP, IM, P2P, SMTP, DNS, MS RPC, CIFS, NetBIOS]

• Deep packet inspection
• Enforce policy for application feature usage and user controls
• Transaction logging and report for Application Security forensics
• Protocol compliance and anomaly detection
Application Cloaking

Hard to attack what you can’t see

Invisible to Outside
Web Server type
Error Codes
App Server type
Operating System
Version Numbers
Patch Levels
Known Vulnerabilities
IP Addresses

[Diagram label: Nighthawk. Scanner output shown:]
Whisker scanning http://www.xyz.com
Servers: COULD NOT DETERMINE
Server returned no data
Vulnerable URL : None found

Nighthawk Foundation – Full visibility

Normalization of all traffic to a canonical form before applying policies

Stages: Terminate and decrypt SSL, then Normalize, then Apply Security Policy

[Diagram: encrypted traffic is decrypted to URL-encoded requests, which are then normalized]
%2E%2E%2Fhome%2Fuser becomes ../home/user
%2F%7Eroot%2Fetc%2Fpas becomes /~root/etc/p
%2Fhomepage%2Findex%2 becomes /homepage/index/pictures/thumbs.html

Stops attacks disguised by encrypting and encoding
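
The normalize-then-apply-policy order on this slide, as an added Python example that is not code from the Cisco deck or product: it percent-decodes until the path is stable, resolves dot segments, and only then evaluates rules. The function names, the decode-round limit and the deny rules are assumptions made for illustration.

```python
from urllib.parse import unquote

MAX_DECODE_ROUNDS = 5  # assumption: deeper nesting is treated as hostile

def canonicalize(raw_path):
    """Return (canonical_path, escaped_root) for a raw request path."""
    path = raw_path
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(path)
        if decoded == path:           # stable: no encoding layers left
            break
        path = decoded
    else:
        if unquote(path) != path:
            raise ValueError("too many encoding layers")
    segments, escaped_root = [], False
    for seg in path.replace("\\", "/").split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if segments:
                segments.pop()
            else:
                escaped_root = True   # tried to climb above the root
        else:
            segments.append(seg)
    return "/" + "/".join(segments), escaped_root

def inspect(raw_path):
    """Hypothetical policy, evaluated only on the canonical form."""
    try:
        canonical, escaped_root = canonicalize(raw_path)
    except ValueError:
        return "block", None
    if escaped_root or canonical.startswith("/~") or "/etc/" in canonical + "/":
        return "block", canonical
    return "allow", canonical

SAMPLES = [
    "%2E%2E%2Fhome%2Fuser",            # from the slide
    "%2F%7Eroot%2Fetc%2Fpas",          # from the slide (truncated there)
    "%252E%252E%252Fhome%252Fuser",    # constructed: double-encoded
    "%2Fhomepage%2Findex%2Fpictures%2Fthumbs.html",  # constructed
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", inspect(sample))
```

A rule matched against the raw string would miss the double-encoded sample; matching after canonicalization treats it the same as the single-encoded one.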


Protection Method: Data Theft Protection

Credit Card: 1234-5678-9012-3456
Social Security: 123-45-6789
Driver’s License: A123456
Employee ID: S-924600
Patient ID: 134-AR-627

PROBLEM
Any web app that links to critical data may expose that data to hackers

[Diagram: Users, Web Applications]
Data Theft Protection

Credit Card: MASK XXXX-XXXX-XXXX-3456
Social Security: MASK XXX-XX-XXXX
Driver’s License: BLOCK A123456
Employee ID: MASK XXXX
Patient ID: BLOCK 134-AR-627

[Diagram: Users, Nighthawk Appliance, Web Applications]
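
The MASK and BLOCK dispositions listed on this slide, as an added Python sketch of an outbound response filter; it is not the appliance's implementation. The regular expressions are assumptions inferred from the slide's sample values, and the rule and function names are hypothetical.

```python
import re

# Patterns are assumptions inferred from the sample values on the slide.
BLOCK_RULES = {
    "drivers_license": re.compile(r"\b[A-Z]\d{6}\b"),
    "patient_id": re.compile(r"\b\d{3}-[A-Z]{2}-\d{3}\b"),
}
MASK_RULES = [
    # Keep the last four card digits, as the slide's masked value does.
    ("credit_card", re.compile(r"\b\d{4}-\d{4}-\d{4}-(\d{4})\b"),
     r"XXXX-XXXX-XXXX-\1"),
    ("ssn", re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), "XXX-XX-XXXX"),
    ("employee_id", re.compile(r"\bS-\d{6}\b"), "XXXX"),
]

def filter_response(body):
    """Return (action, body_out, matched_rules) for an outbound body."""
    # BLOCK wins: a response carrying a blocked field is never forwarded,
    # even if the rest of it could have been masked.
    hits = [name for name, pat in BLOCK_RULES.items() if pat.search(body)]
    if hits:
        return "block", None, hits
    for name, pat, replacement in MASK_RULES:
        body, count = pat.subn(replacement, body)
        if count:
            hits.append(name)
    return ("mask" if hits else "pass"), body, hits

# Response bodies constructed for this example from the slide's values.
SAMPLES = [
    "Card 1234-5678-9012-3456, SSN 123-45-6789, badge S-924600",
    "License A123456 on file",
    "Patient 134-AR-627 admitted",
    "Order 42 shipped",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(filter_response(sample))
```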

